Django

Code

Ticket #5983 (closed: fixed)

Opened 1 year ago

Last modified 1 year ago

iriencode doesn't respect safe strings

Reported by: Antonis Christofides <anthony@itia.ntua.gr> Assigned to: nobody
Milestone: Component: Template system
Version: SVN Keywords: auto-escaping
Cc: Triage Stage: Ready for checkin
Has patch: 1 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description

This happens probably since autoescape. Steps to reproduce:

1. In a model, use the following: 

    class Admin:
        list_filter = ['column_a', 'column_b']

and you'll have two filters shown in the admin.

2. Choose something other than "All" in the first filter

3. Hover the mouse over something other than "All" in the second filter and look at the url.

Result: It will have a "&amp;" somewhere, when it should only have a "&". It doesn't work if you click it, of course.

See also #5976 for a related bug.

Attachments

safe_iriencode.diff (1.6 kB) - added by SmileyChris on 11/19/07 15:14:29.

Change History

11/19/07 15:01:42 changed by SmileyChris

  • needs_better_patch changed.
  • needs_tests changed.
  • needs_docs changed.

I narrowed it down to django/contrib/admin/templates/admin/filter.html - choice.querystring is SafeData, but iriencode doesn't respect that and it gets re-escaped.

Solution seems to be marking the iriencode filter with is_safe, since it doesn't introduce dangerous characters - so a safe string in means a safe string out.

11/19/07 15:02:11 changed by SmileyChris

  • stage changed from Unreviewed to Accepted.

(oh, and I can confirm this buggy behaviour)

11/19/07 15:14:29 changed by SmileyChris

  • attachment safe_iriencode.diff added.

11/19/07 15:15:21 changed by SmileyChris

  • keywords set to auto-escaping.
  • has_patch set to 1.
  • summary changed from Admin escapes ampersands in URLs when joining filters to iriencode doesn't respect safe strings.
  • component changed from Admin interface to Template system.
  • stage changed from Accepted to Ready for checkin.

Changing the topic to reflect the real cause of the issue.

11/19/07 19:37:58 changed by mtredinnick

  • status changed from new to closed.
  • resolution set to fixed.

(In [6706]) Fixed #5983 -- Made iriencode filter respect safe strings. Patch from SmileyChris?.

Add/Change #5983 (iriencode doesn't respect safe strings)




Change Properties
Action